This page lists Spring advisories. Additional information on other VMware Products can be found on the VMware Security Advisories page.
In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers.
Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
A Spring application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
A Spring MVC or Spring WebFlux application that handles file uploads is vulnerable to DoS attack if it relies on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. A malicious user or attacker…
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and…
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
These are the prerequisites for the exploit:
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access…
In Spring Framework versions 5.3.0 - 5.3.16, 5.2.0 - 5.2.19, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
Applications using Spring Cloud Gateway are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote…
Applications using Spring Cloud Gateway that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or…
The VMware Security Response team provides a single point of contact for the reporting of security vulnerabilities in VMware Tanzu products and coordinates the process of investigating any reported vulnerabilities.
To report a security vulnerability in a VMware service or product please refer to the VMware Security Response Policy.
VMware offers training and certification to turbo-charge your progress.
Learn moreSpring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.
Learn moreCheck out all the upcoming events in the Spring community.
View all